I'm sitting here across the office from Bob, who is logged into the domain right now, working away. I pull up AD Admin Center and take a look at Bob's account and it tells me his last log on date is 10/25/2010 at noon. It's currently 11/2/2010 at 10 in the morning.

My date on my server is correct, the date on his computer is correct...What's going on?

There are two attributes in Active Directory for Last Login trackinglastLogon and `lastLogonTimestamp'.

The first (lastLogon) is a per Domain controller attribute that can take up to two weeks to sync to all other DC's due to low priority sync.

When synced it updates 'lastLogonTimestamp' which is the one shared by all DC's. I imagine that the AD Admin Center is looking at lastLogonTimestamp instead of the per DC value, since it would have to query all DC's, get the value, compare to find the latest and present it.

Good to know! I guess I assumed there was a single DC when I shouldn't have.
–
Aaron CopleyNov 4 '10 at 14:39

@Aaron Copley - As a side note, your assumption that there was only one DC makes me assume that you may only have a single DC. If that's the case, that's a bad position to be in. Stand up another one ASAP and be sure to make it a Global Catalog. (...but if that's not the case, disregard this entire comment!)
–
gWaldoNov 4 '10 at 20:45

I don't run the DC's here but we do have more than one. What I meant is that I just wasn't thinking in terms of replication. :)
–
Aaron CopleyNov 4 '10 at 20:58